Why errors are received when changing IPv6 kernel parameters?

# sysctl -p
error: "net.ipv6.conf.default.accept_redirects" is an unknown key
error: "net.ipv6.conf.default.accept_ra" is an unknown key
error: "net.ipv6.conf.all.disable_ipv6" is an unknown key
error: "net.ipv6.conf.default.disable_ipv6" is an unknown key

Internet Protocol Version 6 (IPv6) is enabled by default in AlmaLinux and CentOS. However, some users might find it preferable to turn off IPv6 functionality in specific circumstances or to turn it back on after it has been turned off.

Disable IPv6 support in AlmaLinux 8 and 9

Disable IPv6 in NetworkManager.

For AlmaLinux 8,

# nmcli connection modify <Connection Name> ipv6.method "ignore"

For AmlaLinux 8.1 and above and for AlmaLinux 9.

# nmcli connection modify <Connection Name> ipv6.method "disabled"

Option 1

Disable IPv6 via sysctl settings. Please be aware that this breaks SSH X11Forwarding unless /etc/ssh/sshd_config contains AddressFamily inet and the SSH service is restarted.

Create a new file named /etc/sysctl.d/ipv6.conf containing the below text. Important Note: the internal working of some RHEL components or other AlmaLinux versions may require IPv6, at least on the loopback interface. Therefore, the below text purposely does not disable IPv6 on it.

# First, disable for all interfaces
net.ipv6.conf.all.disable_ipv6 = 1
# If using the sysctl method, the protocol must be disabled on all specific interfaces, as well.
net.ipv6.conf.<interface>.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Reload new settings as follows.

# sysctl -p /etc/sysctl.d/ipv6.conf

Create a backup of the initial RAM disk image.

# cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)_$(date +%Y-%m-%d_%H%M%S).img

Then rebuild the initramfs using the below command.

# dracut -f -v

Verify as follows.

# lsinitrd /boot/initramfs-$(uname -r).img | grep 'etc/sysctl.d/ipv6.conf'

Comment out any IPv6 addresses found in /etc/hosts, including the ::1 localhost address if the important note in step #1 was deemed not applicable.

# cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts

Option 2

Disable the kernel module that supports IPv6. Important Information: Some AlmaLinux and CentOS versions may need IPv6 at least on the loopback interface in order to function properly. As a result, it is not advised to use the procedure below.

Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample.

GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"

Run the grub2-mkconfig command to regenerate the grub.cfg file.

# grub2-mkconfig -o /boot/grub2/grub.cfg

On UEFI systems, run the following.

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Reboot the system to disable IPv6 support.

Change the "v" in the third column of /etc/netconfig to "-" (hyphen/dash) to stop rpc* messages from being printed once IPv6 has been disabled.

If you follow the above method and notice any SELinux denied messages in audit.log file such as *avc: denied { module_request }* then use option #1.

Re-enable IPv6 support in AlmaLinux 8 and 9

If option #1, above was done: Remove the sysctl values.

Delete the /etc/sysctl.d/ipv6.conf file.

Restore the original initial RAM disk image from the backup that was created.

# mv /boot/initramfs-4.18.0-240.el8.x86_64_2022-12-16_230548.img /boot/initramfs-4.18.0-240.el8.x86_64.img

If AddressFamily inet was added to the /etc/ssh/sshd_config file to keep SSH X11Forwarding, then remove it and restart the SSH service.

Restore the old /etc/hosts file.

# mv /etc/hosts.disableipv6 /etc/hosts

Reboot server to enable IPv6 support.

If option #2, above was done: Enable the IPv6 built-in kernel module.

Edit /etc/default/grub and delete the entry ipv6.disable=1 from the GRUB_CMDLINE_LINUX, like the following sample.

GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root"

Run the grub2-mkconfig command to regenerate the grub.cfg file.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Alternatively, on UEFI systems, run the following.

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Re-enable IPv6 in NetworkManager.

Change the connection's ipv6.method from disabled to the appropriate value depending on the connection's addressing type to re-enable IPv6 with NetworkManager. Possible choices include.

# nmcli connection modify <Connection Name> ipv6.method "auto"
# nmcli connection modify <Connection Name> ipv6.method "dhcp"
# nmcli connection modify <Connection Name> ipv6.method "link-local"
# nmcli connection modify <Connection Name> ipv6.method "manual"

Some of the aforementioned instructions need further inputs, including the DHCP client information or a static IP address.

Disable IPv6 support in CentOS 7

Option 1

Disable IPv6 via sysctl settings. Please be aware that this breaks SSH X11Forwarding unless /etc/ssh/sshd_config contains AddressFamily inet and the SSH service is restarted.

Create a new file named /etc/sysctl.d/ipv6.conf containing the below text. Important Note: the internal working of some CentOS may require IPv6 at least on the loopback interface. Therefore, the below text purposely does not disable IPv6 on it.

# First, disable for all interfaces
net.ipv6.conf.all.disable_ipv6 = 1
# If using the sysctl method, the protocol must be disabled on all specific interfaces, as well.
net.ipv6.conf.<interface>.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Reload new settings as follows.

# sysctl -p /etc/sysctl.d/ipv6.conf

Create a backup of the initial RAM disk image.

# cp -p /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r)_$(date +%Y-%m-%d_%H%M%S).img

Now rebuild initramfs as follows.

# dracut -f -v

Verify the inclusion as follows.

# lsinitrd /boot/initramfs-$(uname -r).img | grep 'etc/sysctl.d/ipv6.conf'

Comment out any IPv6 addresses found in /etc/hosts, including the ::1 localhost address if the important note in step #1 was deemed not applicable.

# cp -p /etc/hosts /etc/hosts.disableipv6
# sed -i 's/^[[:space:]]*::/#::/' /etc/hosts

Option 2

Disable the kernel module that supports IPv6. Important Information: Some CentOS versions may need IPv6 at least on the loopback interface in order to function correctly. As a result, it is not advised to use the procedure below.

Edit /etc/default/grub and append ipv6.disable=1 to GRUB_CMDLINE_LINUX like the following sample.

GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root ipv6.disable=1"

Run the grub2-mkconfig command to regenerate the grub.cfg file.

# grub2-mkconfig -o /boot/grub2/grub.cfg

On UEFI servers, run the following.

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Reboot the server to disable IPv6 support.

After removing IPv6, modify the lines beginning with udp6 and tcp6 in /etc/netconfig by replacing the "v" in the third column with a "-" (hyphen/dash).

Disable IPv6 support in CentOS 7

If option #1, above was done: Remove the sysctl values.

Delete the /etc/sysctl.d/ipv6.conf file.

Restore the original initial RAM disk image from the backup that was created.

# mv /boot/initramfs-3.10.0-1160.76.1.el7.x86_64_2022-12-16_230548.img /boot/initramfs-3.10.0-1160.76.1.el7.x86_64.img

If AddressFamily inet was added to the /etc/ssh/sshd_config file to keep SSH X11Forwarding, remove it and restart the SSH service.

Restore the old /etc/hosts file.

# mv /etc/hosts.disableipv6 /etc/hosts

Reboot server to enable IPv6 support.

If option #2, above was done: Enable the IPv6 built-in kernel module.

Edit /etc/default/grub and delete the entry ipv6.disable=1 from the GRUB_CMDLINE_LINUX, like the following sample:

GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/swap crashkernel=auto rd.lvm.lv=rhel/root"

Run the grub2-mkconfig command to regenerate the grub.cfg file.

# grub2-mkconfig -o /boot/grub2/grub.cfg

On the UEFI server, execute the following.

# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

The current state of the ipv6 module disable option can be seen via sysfs.

# cat /sys/module/ipv6/parameters/disable
1

The current state of the sysctl disable_ipv6 can be seen with the sysctl command.

# sysctl -a 2>/dev/null | grep disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 0

To list any IPv6 addresses assigned to the system.

# ip -6 addr

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How to disable or enable the IPv6 protocol in AlmaLinux?

Disable IPv6 support in AlmaLinux 8 and 9

Option 1

Option 2

Re-enable IPv6 support in AlmaLinux 8 and 9

Disable IPv6 support in CentOS 7

Option 1

Option 2

Disable IPv6 support in CentOS 7

Leave a Reply Cancel reply